static char * geanypg_result(gpgme_signature_t sig)
{
char format[] =
"status ....: %s\n"
"summary ...:%s\n"
"fingerprint: %s\n"
"created ...: %s"
"expires ...: %s"
"validity ..: %s\n"
"val.reason : %s\n"
"pubkey algo: %s\n"
"digest algo: %s\n"
"pka address: %s\n"
"pka trust .: %s\n"
"other flags:%s%s\n"
"notations .: %s\n"; // 210 characters
char * buffer = (char *)calloc(2048, 1); // everything together probably won't be more
// than 1061 characters, but we don't want to
// take risks
char summary[128];
const char * pubkey = gpgme_pubkey_algo_name(sig->pubkey_algo);
const char * hash = gpgme_hash_algo_name(sig->hash_algo);
char created[64];
char expires[64];
if (sig->timestamp)
strncpy(created, ctime((time_t*)&sig->timestamp), 64);
else
strcpy(created, "Unknown\n");
if (sig->exp_timestamp)
strncpy(expires, ctime((time_t*)&sig->exp_timestamp), 64);
else
strcpy(expires, "Unknown\n");
memset(summary, 0, 128);
sprintf(buffer, format,
gpgme_strerror(sig->status), // probably won't be more than 128
geanypg_summary(sig->summary, summary), // max 105 characters
sig->fpr ? sig->fpr : "[None]", // max 40 characters
created, // probably about 24 characters
expires, // probably about 24 characters
geanypg_validity(sig->validity), // max 11 characters
gpgme_strerror(sig->status), // probably won't be more than 128
pubkey ? pubkey : "Unknown", // probably won't be more than 32
hash ? hash : "Unknown", // probably won't be more than 32
sig->pka_address ? sig->pka_address : "[None]", // probably won't be more than 128
sig->pka_trust == 0 ? "n/a" : sig->pka_trust == 1 ? "bad" : sig->pka_trust == 2 ? "okay": "RFU", // max 4 characters
sig->wrong_key_usage ? " wrong-key-usage" : "", sig->chain_model ? " chain-model" : "", // max 28 characters
sig->notations ? "yes" : "no"); // max 3 characters
return buffer;
}
gpgme_verify_result_t
gpgme_op_verify_result (gpgme_ctx_t ctx)
{
void *hook;
op_data_t opd;
gpgme_error_t err;
TRACE_BEG (DEBUG_CTX, "gpgme_op_verify_result", ctx);
err = _gpgme_op_data_lookup (ctx, OPDATA_VERIFY, &hook, -1, NULL);
opd = hook;
if (err || !opd)
{
TRACE_SUC0 ("result=(null)");
return NULL;
}
if (_gpgme_debug_trace ())
{
gpgme_signature_t sig = opd->result.signatures;
int i = 0;
while (sig)
{
TRACE_LOG4 ("sig[%i] = fpr %s, summary 0x%x, status %s",
i, sig->fpr, sig->summary, gpg_strerror (sig->status));
TRACE_LOG6 ("sig[%i] = timestamps 0x%x/0x%x flags:%s%s%s",
i, sig->timestamp, sig->exp_timestamp,
sig->wrong_key_usage ? "wrong key usage" : "",
sig->pka_trust == 1 ? "pka bad"
: (sig->pka_trust == 2 ? "pka_okay" : "pka RFU"),
sig->chain_model ? "chain model" : "");
TRACE_LOG5 ("sig[%i] = validity 0x%x (%s), algos %s/%s",
i, sig->validity, gpg_strerror (sig->validity_reason),
gpgme_pubkey_algo_name (sig->pubkey_algo),
gpgme_hash_algo_name (sig->hash_algo));
if (sig->pka_address)
{
TRACE_LOG2 ("sig[%i] = PKA address %s", i, sig->pka_address);
}
if (sig->notations)
{
TRACE_LOG1 ("sig[%i] = has notations (not shown)", i);
}
sig = sig->next;
i++;
}
}
TRACE_SUC1 ("result=%p", &opd->result);
return &opd->result;
}
static void
set_row (GtkCMCList *clist, gpgme_key_t key, gpgme_protocol_t proto)
{
const char *s;
const char *text[N_COL_TITLES];
char *algo_buf;
int row;
gsize by_read = 0, by_written = 0;
gchar *ret_str = NULL;
/* first check whether the key is capable of encryption which is not
* the case for revoked, expired or sign-only keys */
if (!key->can_encrypt || key->revoked || key->expired || key->disabled)
return;
algo_buf = g_strdup_printf ("%du/%s",
key->subkeys->length,
gpgme_pubkey_algo_name(key->subkeys->pubkey_algo) );
text[COL_ALGO] = algo_buf;
text[COL_KEYID] = key->subkeys->keyid;
s = key->uids->name;
if (!s || !*s)
s = key->uids->uid;
if (proto == GPGME_PROTOCOL_CMS) {
if (strstr(s, ",CN="))
s = strstr(s, ",CN=")+4;
else if (strstr(s, "CN="))
s = strstr(s, "CN=")+3;
}
ret_str = NULL;
if (!g_utf8_validate(s, -1, NULL))
ret_str = g_locale_to_utf8 (s, strlen(s), &by_read, &by_written, NULL);
if (ret_str && by_written) {
s = ret_str;
}
text[COL_NAME] = s;
if (proto == GPGME_PROTOCOL_CMS && (!key->uids->email || !*key->uids->email)) {
gpgme_user_id_t uid = key->uids->next;
if (uid)
s = uid->email;
else
s = key->uids->email;
} else {
s = key->uids->email;
}
ret_str = NULL;
if (!g_utf8_validate(s, -1, NULL))
ret_str = g_locale_to_utf8 (s, strlen(s), &by_read, &by_written, NULL);
if (ret_str && by_written) {
s = ret_str;
}
text[COL_EMAIL] = s;
switch (key->uids->validity)
{
case GPGME_VALIDITY_UNDEFINED:
s = _("Undefined");
break;
case GPGME_VALIDITY_NEVER:
s = _("Never");
break;
case GPGME_VALIDITY_MARGINAL:
s = _("Marginal");
break;
case GPGME_VALIDITY_FULL:
s = _("Full");
break;
case GPGME_VALIDITY_ULTIMATE:
s = _("Ultimate");
break;
case GPGME_VALIDITY_UNKNOWN:
default:
s = _("Unknown");
break;
}
text[COL_VALIDITY] = s;
row = gtk_cmclist_append (clist, (gchar**)text);
g_free (algo_buf);
gtk_cmclist_set_row_data_full (clist, row, key, destroy_key);
}
gchar *sgpgme_sigstat_info_full(gpgme_ctx_t ctx, gpgme_verify_result_t status)
{
gint i = 0;
gchar *ret;
GString *siginfo;
gpgme_signature_t sig = NULL;
siginfo = g_string_sized_new(64);
if (status == NULL) {
g_string_append_printf(siginfo,
_("Error checking signature: no status\n"));
goto bail;
}
sig = status->signatures;
while (sig) {
char buf[100];
struct tm lt;
gpgme_user_id_t user = NULL;
gpgme_key_t key;
gpgme_error_t err;
const gchar *keytype, *keyid, *uid;
err = gpgme_get_key(ctx, sig->fpr, &key, 0);
if (err != GPG_ERR_NO_ERROR) {
key = NULL;
g_string_append_printf(siginfo,
_("Error checking signature: %s\n"),
gpgme_strerror(err));
goto bail;
}
if (key) {
user = key->uids;
keytype = gpgme_pubkey_algo_name(
key->subkeys->pubkey_algo);
keyid = key->subkeys->keyid;
uid = user->uid;
} else {
keytype = "?";
keyid = "?";
uid = "?";
}
memset(buf, 0, sizeof(buf));
fast_strftime(buf, sizeof(buf)-1, prefs_common_get_prefs()->date_format, localtime_r(&sig->timestamp, <));
g_string_append_printf(siginfo,
_("Signature made on %s using %s key ID %s\n"),
buf, keytype, keyid);
switch (gpg_err_code(sig->status)) {
case GPG_ERR_NO_ERROR:
g_string_append_printf(siginfo,
_("Good signature from uid \"%s\" (Validity: %s)\n"),
uid, get_validity_str(user?user->validity:GPGME_VALIDITY_UNKNOWN));
break;
case GPG_ERR_KEY_EXPIRED:
g_string_append_printf(siginfo,
_("Expired key uid \"%s\"\n"),
uid);
break;
case GPG_ERR_SIG_EXPIRED:
g_string_append_printf(siginfo,
_("Expired signature from uid \"%s\" (Validity: %s)\n"),
uid, get_validity_str(user?user->validity:GPGME_VALIDITY_UNKNOWN));
break;
case GPG_ERR_CERT_REVOKED:
g_string_append_printf(siginfo,
_("Revoked key uid \"%s\"\n"),
uid);
break;
case GPG_ERR_BAD_SIGNATURE:
g_string_append_printf(siginfo,
_("BAD signature from \"%s\"\n"),
uid);
break;
default:
break;
}
if (sig->status != GPG_ERR_BAD_SIGNATURE) {
gint j = 1;
user = user ? user->next : NULL;
while (user != NULL) {
g_string_append_printf(siginfo,
_(" uid \"%s\" (Validity: %s)\n"),
user->uid,
user->revoked==TRUE?_("Revoked"):get_validity_str(user->validity));
j++;
user = user->next;
}
g_string_append_printf(siginfo,_("Owner Trust: %s\n"),
get_owner_trust_str(key->owner_trust));
g_string_append(siginfo,
_("Primary key fingerprint:"));
const char* primary_fpr = NULL;
if (key && key->subkeys && key->subkeys->fpr)
primary_fpr = key->subkeys->fpr;
else
g_string_append(siginfo, " ?");
int idx; /* now pretty-print the fingerprint */
for (idx=0; primary_fpr && *primary_fpr!='\0'; idx++, primary_fpr++) {
if (idx%4==0)
g_string_append_c(siginfo, ' ');
if (idx%20==0)
g_string_append_c(siginfo, ' ');
g_string_append_c(siginfo, (gchar)*primary_fpr);
}
g_string_append_c(siginfo, '\n');
#ifdef HAVE_GPGME_PKA_TRUST
if (sig->pka_trust == 1 && sig->pka_address) {
g_string_append_printf(siginfo,
_("WARNING: Signer's address \"%s\" "
"does not match DNS entry\n"),
sig->pka_address);
}
else if (sig->pka_trust == 2 && sig->pka_address) {
g_string_append_printf(siginfo,
_("Verified signer's address is \"%s\"\n"),
sig->pka_address);
/* FIXME: Compare the address to the
* From: address. */
}
#endif /*HAVE_GPGME_PKA_TRUST*/
}
g_string_append(siginfo, "\n");
i++;
sig = sig->next;
}
bail:
ret = siginfo->str;
g_string_free(siginfo, FALSE);
return ret;
}
void gpgDebugKey(gpgme_key_t key)
{
TRACE(99, "gpgDebugKey()", NULL);
gpgme_subkey_t skey;
gpgme_user_id_t uid;
fprintf(stderr, "=================================================\n");
fprintf(stderr, "revoked: %s\n", (key -> revoked) ? "yes" : "no");
fprintf(stderr, "expired: %s\n", (key -> expired) ? "yes" : "no");
fprintf(stderr, "disabled: %s\n", (key -> disabled) ? "yes" : "no");
fprintf(stderr, "invalid: %s\n", (key -> invalid) ? "yes" : "no");
fprintf(stderr, "can_encrypt: %s\n", (key -> can_encrypt) ? "yes" : "no");
fprintf(stderr, "can_sign: %s\n", (key -> can_sign) ? "yes" : "no");
fprintf(stderr, "can_certify: %s\n", (key -> can_certify) ? "yes" : "no");
fprintf(stderr, "can_authenticate: %s\n", (key -> can_authenticate) ? "yes" : "no");
fprintf(stderr, "secret: %s\n", (key -> secret) ? "yes" : "no");
fprintf(stderr, "issuer name: '%s'\n", key -> issuer_name);
fprintf(stderr, "chain id: '%s'\n", key -> chain_id);
switch (key -> owner_trust)
{
case GPGME_VALIDITY_UNKNOWN:
fprintf(stderr, "owner trust: unknown\n");
break;
case GPGME_VALIDITY_UNDEFINED:
fprintf(stderr, "owner trust: undefined\n");
break;
case GPGME_VALIDITY_NEVER:
fprintf(stderr, "owner trust: never\n");
break;
case GPGME_VALIDITY_MARGINAL:
fprintf(stderr, "owner trust: marginal\n");
break;
case GPGME_VALIDITY_FULL:
fprintf(stderr, "owner trust: full\n");
break;
case GPGME_VALIDITY_ULTIMATE:
fprintf(stderr, "owner trust: ultimate\n");
break;
default:
fprintf(stderr, "owner trust: ERROR\n");
break;
}
fprintf(stderr, "\n");
skey = key -> subkeys;
while (skey)
{
fprintf(stderr, "subkeys\n");
fprintf(stderr, "\trevoked: %s\n", (skey -> revoked) ? "yes" : "no");
fprintf(stderr, "\texpired: %s\n", (skey -> expired) ? "yes" : "no");
fprintf(stderr, "\tdisabled: %s\n", (skey -> disabled) ? "yes" : "no");
fprintf(stderr, "\tinvalid: %s\n", (skey -> invalid) ? "yes" : "no");
fprintf(stderr, "\tcan_encrypt: %s\n", (skey -> can_encrypt) ? "yes" : "no");
fprintf(stderr, "\tcan_sign: %s\n", (skey -> can_sign) ? "yes" : "no");
fprintf(stderr, "\tcan_certify: %s\n", (skey -> can_certify) ? "yes" : "no");
fprintf(stderr, "\tcan_authenticate: %s\n", (skey -> can_authenticate) ? "yes" : "no");
fprintf(stderr, "\tsecret: %s\n", (skey -> secret) ? "yes" : "no");
fprintf(stderr, "\tpubkey algo: '%s'\n", gpgme_pubkey_algo_name(skey -> pubkey_algo));
fprintf(stderr, "\tlength: %d\n", skey -> length);
fprintf(stderr, "\tkey id: '%s'\n", skey -> keyid);
fprintf(stderr, "\tfpr: '%s'\n", skey -> fpr);
fprintf(stderr, "\ttimestamp: %ld\n", skey -> timestamp);
fprintf(stderr, "\texpires: %ld\n", skey -> expires);
skey = skey -> next;
}
fprintf(stderr, "\n");
uid = key -> uids;
while (uid)
{
fprintf(stderr, "uid\n");
fprintf(stderr, "\trevoked: %s\n", (uid -> revoked) ? "yes" : "no");
fprintf(stderr, "\tinvalid: %s\n", (uid -> invalid) ? "yes" : "no");
switch (uid -> validity)
{
case GPGME_VALIDITY_UNKNOWN:
fprintf(stderr, "\towner trust: unknown\n");
break;
case GPGME_VALIDITY_UNDEFINED:
fprintf(stderr, "\towner trust: undefined\n");
break;
case GPGME_VALIDITY_NEVER:
fprintf(stderr, "\towner trust: never\n");
break;
case GPGME_VALIDITY_MARGINAL:
fprintf(stderr, "\towner trust: marginal\n");
break;
case GPGME_VALIDITY_FULL:
fprintf(stderr, "\towner trust: full\n");
break;
case GPGME_VALIDITY_ULTIMATE:
fprintf(stderr, "\towner trust: ultimate\n");
break;
default:
fprintf(stderr, "\towner trust: ERROR\n");
break;
}
fprintf(stderr, "\tuid: '%s'\n", uid -> uid);
fprintf(stderr, "\tname: '%s'\n", uid -> name);
fprintf(stderr, "\tcomment: '%s'\n", uid -> comment);
fprintf(stderr, "\temail: '%s'\n", uid -> email);
uid = uid -> next;
}
}
int
main (int argc, char **argv)
{
gpgme_error_t err;
gpgme_ctx_t ctx;
gpgme_key_t key;
gpgme_keylist_result_t result;
int i = 0;
init_gpgme (GPGME_PROTOCOL_CMS);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
err = gpgme_op_keylist_start (ctx, NULL, 0);
fail_if_err (err);
while (!(err = gpgme_op_keylist_next (ctx, &key)))
{
if (!keys[i].fpr)
{
fprintf (stderr, "More keys returned than expected\n");
exit (1);
}
if (strcmp (key->subkeys->fpr, keys[i].fpr))
{
fprintf (stderr, "Warning: Skipping unknown key %s\n",
key->subkeys->fpr);
continue;
}
else
printf ("Checking key %s\n", key->subkeys->fpr);
/* Global key flags. */
if (key->revoked)
{
fprintf (stderr, "Key unexpectedly revoked\n");
exit (1);
}
if (key->expired)
{
fprintf (stderr, "Key unexpectedly expired\n");
exit (1);
}
if (key->disabled)
{
fprintf (stderr, "Key unexpectedly disabled\n");
exit (1);
}
if (key->invalid)
{
fprintf (stderr, "Key unexpectedly invalid\n");
exit (1);
}
if (key->can_encrypt != keys[i].secret)
{
fprintf (stderr, "Key unexpectedly%s usable for encryption\n",
key->can_encrypt ? "" : " not");
exit (1);
}
if (key->can_sign != keys[i].secret)
{
fprintf (stderr, "Key unexpectedly%s usable for signing\n",
key->can_sign ? "" : " not");
exit (1);
}
if (!key->can_certify)
{
fprintf (stderr, "Key unexpectedly unusable for certifications\n");
exit (1);
}
if (key->secret != keys[i].secret)
{
fprintf (stderr, "Key unexpectedly%s secret\n",
key->secret ? "" : " not");
exit (1);
}
if (key->protocol != GPGME_PROTOCOL_CMS)
{
fprintf (stderr, "Key has unexpected protocol: %s\n",
gpgme_get_protocol_name (key->protocol));
exit (1);
}
if (!key->issuer_serial)
{
fprintf (stderr, "Key unexpectedly misses issuer serial\n");
exit (1);
}
if (strcmp (key->issuer_serial, keys[i].issuer_serial))
{
fprintf (stderr, "Key has unexpected issuer serial: %s\n",
key->issuer_serial);
exit (1);
}
if (!key->issuer_name)
{
fprintf (stderr, "Key unexpectedly misses issuer name\n");
exit (1);
}
if (strcmp (key->issuer_name, keys[i].issuer_name))
{
fprintf (stderr, "Key has unexpected issuer name: %s\n",
key->issuer_name);
exit (1);
}
if (key->chain_id && !keys[i].chain_id)
{
fprintf (stderr, "Key unexpectedly carries chain ID: %s\n",
key->chain_id);
exit (1);
}
if (!key->chain_id && keys[i].chain_id)
{
fprintf (stderr, "Key unexpectedly carries no chain ID\n");
exit (1);
}
if (key->chain_id && strcmp (key->chain_id, keys[i].chain_id))
{
fprintf (stderr, "Key carries unexpected chain ID: %s\n",
key->chain_id);
exit (1);
}
if (key->owner_trust != GPGME_VALIDITY_UNKNOWN)
{
fprintf (stderr, "Key has unexpected owner trust: %i\n",
key->owner_trust);
exit (1);
}
if (!key->subkeys || key->subkeys->next)
{
fprintf (stderr, "Key has unexpected number of subkeys\n");
exit (1);
}
/* Primary key. */
if (key->subkeys->revoked)
{
fprintf (stderr, "Primary key unexpectedly revoked\n");
exit (1);
}
if (key->subkeys->expired)
{
fprintf (stderr, "Primary key unexpectedly expired\n");
exit (1);
}
if (key->subkeys->disabled)
{
fprintf (stderr, "Primary key unexpectedly disabled\n");
exit (1);
}
if (key->subkeys->invalid)
{
fprintf (stderr, "Primary key unexpectedly invalid\n");
exit (1);
}
if (key->subkeys->can_encrypt != keys[i].secret)
{
fprintf (stderr, "Key unexpectedly%s usable for encryption\n",
key->subkeys->can_encrypt ? "" : " not");
exit (1);
}
if (key->subkeys->can_sign != keys[i].secret)
{
fprintf (stderr, "Key unexpectedly%s usable for signing\n",
key->subkeys->can_sign ? "" : " not");
exit (1);
}
if (!key->subkeys->can_certify)
{
fprintf (stderr, "Primary key unexpectedly unusable for certifications\n");
exit (1);
}
if (key->subkeys->secret != keys[i].secret)
{
fprintf (stderr, "Primary Key unexpectedly%s secret\n",
key->secret ? "" : " not");
exit (1);
}
if (key->subkeys->pubkey_algo != GPGME_PK_RSA)
{
fprintf (stderr, "Primary key has unexpected public key algo: %s\n",
gpgme_pubkey_algo_name (key->subkeys->pubkey_algo));
exit (1);
}
if (key->subkeys->length != keys[i].key_length)
{
fprintf (stderr, "Primary key has unexpected length: %i\n",
key->subkeys->length);
exit (1);
}
if (strcmp (key->subkeys->keyid, &keys[i].fpr[40 - 16]))
{
fprintf (stderr, "Primary key has unexpected key ID: %s\n",
key->subkeys->keyid);
exit (1);
}
if (strcmp (key->subkeys->fpr, keys[i].fpr))
{
fprintf (stderr, "Primary key has unexpected fingerprint: %s\n",
key->subkeys->fpr);
exit (1);
}
if (key->subkeys->timestamp != keys[i].timestamp)
{
fprintf (stderr, "Primary key unexpected timestamp: %lu\n",
key->subkeys->timestamp);
exit (1);
}
if (key->subkeys->expires != keys[i].expires)
{
fprintf (stderr, "Primary key unexpectedly expires: %lu\n",
key->subkeys->expires);
exit (1);
}
/* Be tolerant against a missing email (ie, older gpgsm versions). */
if (!key->uids || (key->uids->next && !keys[i].email))
{
fprintf (stderr, "Key has unexpected number of user IDs\n");
exit (1);
}
if (key->uids->revoked)
{
fprintf (stderr, "User ID unexpectedly revoked\n");
exit (1);
}
if (key->uids->invalid)
{
fprintf (stderr, "User ID unexpectedly invalid\n");
exit (1);
}
if (key->uids->validity != keys[i].validity)
{
fprintf (stderr, "User ID unexpectedly validity: %i\n",
key->uids->validity);
exit (1);
}
if (key->uids->signatures)
{
fprintf (stderr, "User ID unexpectedly signed\n");
exit (1);
}
if (!key->uids->name || key->uids->name[0])
{
fprintf (stderr, "Unexpected name in user ID: %s\n",
key->uids->name);
exit (1);
}
if (!key->uids->comment || key->uids->comment[0])
{
fprintf (stderr, "Unexpected comment in user ID: %s\n",
key->uids->comment);
exit (1);
}
if (!key->uids->email || key->uids->email[0])
{
fprintf (stderr, "Unexpected email in user ID: %s\n",
key->uids->email);
exit (1);
}
if (!key->uids->uid || strcmp (key->uids->uid, keys[i].uid))
{
fprintf (stderr, "Unexpected uid in user ID: %s\n",
key->uids->uid);
exit (1);
}
if (key->uids->next && strcmp (key->uids->next->uid, keys[i].email))
{
fprintf (stderr, "Unexpected email in user ID: %s\n",
key->uids->next->uid);
exit (1);
}
if (key->uids->next && strcmp (key->uids->next->uid, keys[i].email))
{
fprintf (stderr, "Unexpected email in user ID: %s\n",
key->uids->next->uid);
exit (1);
}
gpgme_key_unref (key);
i++;
}
if (gpg_err_code (err) != GPG_ERR_EOF)
fail_if_err (err);
err = gpgme_op_keylist_end (ctx);
fail_if_err (err);
result = gpgme_op_keylist_result (ctx);
if (result->truncated)
{
fprintf (stderr, "Key listing unexpectedly truncated\n");
exit (1);
}
if (keys[i].fpr)
{
fprintf (stderr, "Less keys returned than expected\n");
exit (1);
}
gpgme_release (ctx);
return 0;
}
gpgme_verify_result_t
gpgme_op_verify_result (gpgme_ctx_t ctx)
{
void *hook;
op_data_t opd;
gpgme_error_t err;
gpgme_signature_t sig;
TRACE_BEG (DEBUG_CTX, "gpgme_op_verify_result", ctx);
err = _gpgme_op_data_lookup (ctx, OPDATA_VERIFY, &hook, -1, NULL);
opd = hook;
if (err || !opd)
{
TRACE_SUC0 ("result=(null)");
return NULL;
}
/* It is possible that we saw a new signature only followed by an
ERROR line for that. In particular a missing X.509 key triggers
this. In this case it is surprising that the summary field has
not been updated. We fix it here by explicitly looking for this
case. The real fix would be to have GPGME emit ERRSIG. */
for (sig = opd->result.signatures; sig; sig = sig->next)
{
if (!sig->summary)
{
switch (gpg_err_code (sig->status))
{
case GPG_ERR_KEY_EXPIRED:
sig->summary |= GPGME_SIGSUM_KEY_EXPIRED;
break;
case GPG_ERR_NO_PUBKEY:
sig->summary |= GPGME_SIGSUM_KEY_MISSING;
break;
default:
break;
}
}
}
/* Now for some tracing stuff. */
if (_gpgme_debug_trace ())
{
int i;
for (sig = opd->result.signatures, i = 0; sig; sig = sig->next, i++)
{
TRACE_LOG4 ("sig[%i] = fpr %s, summary 0x%x, status %s",
i, sig->fpr, sig->summary, gpg_strerror (sig->status));
TRACE_LOG6 ("sig[%i] = timestamps 0x%x/0x%x flags:%s%s%s",
i, sig->timestamp, sig->exp_timestamp,
sig->wrong_key_usage ? "wrong key usage" : "",
sig->pka_trust == 1 ? "pka bad"
: (sig->pka_trust == 2 ? "pka_okay" : "pka RFU"),
sig->chain_model ? "chain model" : "");
TRACE_LOG5 ("sig[%i] = validity 0x%x (%s), algos %s/%s",
i, sig->validity, gpg_strerror (sig->validity_reason),
gpgme_pubkey_algo_name (sig->pubkey_algo),
gpgme_hash_algo_name (sig->hash_algo));
if (sig->pka_address)
{
TRACE_LOG2 ("sig[%i] = PKA address %s", i, sig->pka_address);
}
if (sig->notations)
{
TRACE_LOG1 ("sig[%i] = has notations (not shown)", i);
}
}
}
TRACE_SUC1 ("result=%p", &opd->result);
return &opd->result;
}
SEXP R_gpg_keylist(SEXP filter, SEXP secret_only, SEXP local) {
gpgme_keylist_mode_t mode = gpgme_get_keylist_mode(ctx);
mode |= asLogical(local) ? GPGME_KEYLIST_MODE_LOCAL : GPGME_KEYLIST_MODE_EXTERN;
mode |= GPGME_KEYLIST_MODE_SIGS;
mode |= GPGME_KEYLIST_MODE_SIG_NOTATIONS;
gpgme_set_keylist_mode (ctx, mode);
gpgme_set_protocol (ctx, GPGME_PROTOCOL_OpenPGP);
//gpgme_set_global_flag("auto-key-locate", "hkp://pgp.mit.edu");
bail(gpgme_op_keylist_start (ctx, CHAR(STRING_ELT(filter, 0)), asLogical(secret_only)), "starting keylist");
struct keylist *keys = (struct keylist *) malloc(sizeof(struct keylist));
struct keylist *head = keys;
gpgme_error_t err;
int count = 0;
while(1){
err = gpgme_op_keylist_next (ctx, &(keys->key));
if(gpg_err_code (err) == GPG_ERR_EOF)
break;
bail(err, "getting next key");
keys->next = (struct keylist *) malloc(sizeof(struct keylist));
keys = keys->next;
count++;
}
/* convert the linked list into vectors */
SEXP keyid = PROTECT(allocVector(STRSXP, count));
SEXP fpr = PROTECT(allocVector(STRSXP, count));
SEXP name = PROTECT(allocVector(STRSXP, count));
SEXP email = PROTECT(allocVector(STRSXP, count));
SEXP algo = PROTECT(allocVector(STRSXP, count));
SEXP timestamp = PROTECT(allocVector(INTSXP, count));
SEXP expires = PROTECT(allocVector(INTSXP, count));
gpgme_key_t key;
for(int i = 0; i < count; i++){
key = head->key;
SET_STRING_ELT(keyid, i, make_char(key->subkeys->keyid));
SET_STRING_ELT(fpr, i, make_char(key->subkeys->fpr));
SET_STRING_ELT(algo, i, make_char(gpgme_pubkey_algo_name(key->subkeys->pubkey_algo)));
if(key->issuer_name)
SET_STRING_ELT(fpr, i, make_char(key->issuer_name));
if(key->uids && key->uids->name)
SET_STRING_ELT(name, i, make_char(key->uids->name));
if(key->uids && key->uids->email)
SET_STRING_ELT(email, i, make_char(key->uids->email));
INTEGER(timestamp)[i] = (key->subkeys->timestamp > 0) ? key->subkeys->timestamp : NA_INTEGER;
INTEGER(expires)[i] = (key->subkeys->expires > 0) ? key->subkeys->expires : NA_INTEGER;
keys = head;
head = head->next;
gpgme_key_unref (key);
free(keys);
}
SEXP result = PROTECT(allocVector(VECSXP, 7));
SET_VECTOR_ELT(result, 0, keyid);
SET_VECTOR_ELT(result, 1, fpr);
SET_VECTOR_ELT(result, 2, name);
SET_VECTOR_ELT(result, 3, email);
SET_VECTOR_ELT(result, 4, algo);
SET_VECTOR_ELT(result, 5, timestamp);
SET_VECTOR_ELT(result, 6, expires);
UNPROTECT(8);
return result;
}
static char * geanypg_result(gpgme_signature_t sig)
{
char * format =
_("status ....: %s\n"
"summary ...:%s\n"
"fingerprint: %s\n"
"created ...: %s"
"expires ...: %s"
"validity ..: %s\n"
"val.reason : %s\n"
"pubkey algo: %s\n"
"digest algo: %s\n"
"pka address: %s\n"
"pka trust .: %s\n"
"other flags:%s%s\n"
"notations .: %s\n");
char * buffer;
char summary[128];
const char * pubkey = gpgme_pubkey_algo_name(sig->pubkey_algo);
const char * hash = gpgme_hash_algo_name(sig->hash_algo);
char created[64];
char expires[64];
size_t buffer_size;
if (sig->timestamp)
strncpy(created, ctime((time_t*)&sig->timestamp), 64);
else
strcpy(created, _("Unknown\n"));
if (sig->exp_timestamp)
strncpy(expires, ctime((time_t*)&sig->exp_timestamp), 64);
else
strcpy(expires, _("Unknown\n"));
buffer_size = strlen(format) +
strlen(gpgme_strerror(sig->status)) +
strlen(geanypg_summary(sig->summary, summary)) +
strlen(sig->fpr ? sig->fpr : _("[None]")) +
strlen(created) +
strlen(expires) +
strlen(geanypg_validity(sig->validity)) +
strlen(gpgme_strerror(sig->status)) +
strlen(pubkey ? pubkey : _("Unknown")) +
strlen(hash ? hash : _("Unknown")) +
strlen(sig->pka_address ? sig->pka_address : _("[None]")) +
strlen(sig->pka_trust == 0 ? _("n/a") : sig->pka_trust == 1 ? _("bad") : sig->pka_trust == 2 ? _("okay"): _("RFU")) +
strlen(sig->wrong_key_usage ? _(" wrong-key-usage") : "") +
strlen(sig->chain_model ? _(" chain-model") : "") +
strlen(sig->notations ? _("yes") : _("no")) + 1; // and a trailing \0
buffer = (char *)calloc(buffer_size, 1);
memset(summary, 0, 128);
sprintf(buffer, format,
gpgme_strerror(sig->status),
geanypg_summary(sig->summary, summary),
sig->fpr ? sig->fpr : _("[None]"),
created,
expires,
geanypg_validity(sig->validity),
gpgme_strerror(sig->status),
pubkey ? pubkey : _("Unknown"),
hash ? hash : _("Unknown"),
sig->pka_address ? sig->pka_address : _("[None]"),
sig->pka_trust == 0 ? _("n/a") : sig->pka_trust == 1 ? _("bad") : sig->pka_trust == 2 ? _("okay"): _("RFU"),
sig->wrong_key_usage ? _(" wrong-key-usage") : "", sig->chain_model ? _(" chain-model") : "",
sig->notations ? _("yes") : _("no"));
return buffer;
}
const char *GpgME::CreatedSignature::publicKeyAlgorithmAsString() const
{
return gpgme_pubkey_algo_name(isNull() ? (gpgme_pubkey_algo_t)0 : d->created[idx]->pubkey_algo);
}
void
seahorse_gpgme_subkey_set_subkey (SeahorseGpgmeSubkey *self, gpgme_subkey_t subkey)
{
gchar *description, *fingerprint, *name;
SeahorsePgpSubkey *base;
const gchar *algo_type;
GObject *obj;
gpgme_subkey_t sub;
gint i, index;
guint flags;
g_return_if_fail (SEAHORSE_IS_GPGME_SUBKEY (self));
g_return_if_fail (subkey);
/* Make sure that this subkey is in the pubkey */
index = -1;
for (i = 0, sub = self->pv->pubkey->subkeys; sub; ++i, sub = sub->next) {
if(sub == subkey) {
index = i;
break;
}
}
g_return_if_fail (index >= 0);
/* Calculate the algorithm */
algo_type = gpgme_pubkey_algo_name (subkey->pubkey_algo);
if (algo_type == NULL)
algo_type = C_("Algorithm", "Unknown");
else if (g_str_equal ("Elg", algo_type) || g_str_equal("ELG-E", algo_type))
algo_type = _("ElGamal");
/* Additional properties */
fingerprint = seahorse_pgp_subkey_calc_fingerprint (subkey->fpr);
name = seahorse_gpgme_uid_calc_name (self->pv->pubkey->uids);
description = seahorse_pgp_subkey_calc_description (name, index);
self->pv->subkey = subkey;
obj = G_OBJECT (self);
g_object_freeze_notify (obj);
base = SEAHORSE_PGP_SUBKEY (self);
seahorse_pgp_subkey_set_index (base, index);
seahorse_pgp_subkey_set_keyid (base, subkey->keyid);
seahorse_pgp_subkey_set_algorithm (base, algo_type);
seahorse_pgp_subkey_set_length (base, subkey->length);
seahorse_pgp_subkey_set_description (base, description);
seahorse_pgp_subkey_set_fingerprint (base, fingerprint);
seahorse_pgp_subkey_set_created (base, subkey->timestamp);
seahorse_pgp_subkey_set_expires (base, subkey->expires);
/* The order below is significant */
flags = 0;
if (subkey->revoked)
flags |= SEAHORSE_FLAG_REVOKED;
if (subkey->expired)
flags |= SEAHORSE_FLAG_EXPIRED;
if (subkey->disabled)
flags |= SEAHORSE_FLAG_DISABLED;
if (flags == 0 && !subkey->invalid)
flags |= SEAHORSE_FLAG_IS_VALID;
if (subkey->can_encrypt)
flags |= SEAHORSE_FLAG_CAN_ENCRYPT;
if (subkey->can_sign)
flags |= SEAHORSE_FLAG_CAN_SIGN;
if (subkey->can_certify)
flags |= SEAHORSE_FLAG_CAN_CERTIFY;
if (subkey->can_authenticate)
flags |= SEAHORSE_FLAG_CAN_AUTHENTICATE;
seahorse_pgp_subkey_set_flags (base, flags);
g_object_notify (obj, "subkey");
g_object_thaw_notify (obj);
g_free (description);
g_free (name);
g_free (fingerprint);
}
static void
print_result (gpgme_verify_result_t result)
{
gpgme_signature_t sig;
gpgme_sig_notation_t nt;
gpgme_tofu_info_t ti;
int count = 0;
printf ("Original file name: %s\n", nonnull(result->file_name));
for (sig = result->signatures; sig; sig = sig->next)
{
printf ("Signature %d\n", count++);
printf (" status ....: %s\n", gpgme_strerror (sig->status));
printf (" summary ...:");
print_summary (sig->summary);
putchar ('\n');
printf (" fingerprint: %s\n", nonnull (sig->fpr));
printf (" created ...: %lu\n", sig->timestamp);
printf (" expires ...: %lu\n", sig->exp_timestamp);
printf (" validity ..: ");
print_validity (sig->validity);
putchar ('\n');
printf (" val.reason : %s\n", gpgme_strerror (sig->status));
printf (" pubkey algo: %d (%s)\n", sig->pubkey_algo,
nonnull(gpgme_pubkey_algo_name (sig->pubkey_algo)));
printf (" digest algo: %d (%s)\n", sig->hash_algo,
nonnull(gpgme_hash_algo_name (sig->hash_algo)));
printf (" pka address: %s\n", nonnull (sig->pka_address));
printf (" pka trust .: %s\n",
sig->pka_trust == 0? "n/a" :
sig->pka_trust == 1? "bad" :
sig->pka_trust == 2? "okay": "RFU");
printf (" other flags:%s%s\n",
sig->wrong_key_usage? " wrong-key-usage":"",
sig->chain_model? " chain-model":""
);
for (nt = sig->notations; nt; nt = nt->next)
{
printf (" notation ..: '%s'\n", nt->name);
if (strlen (nt->name) != nt->name_len)
printf (" warning : name larger (%d)\n", nt->name_len);
printf (" flags ...:%s%s (0x%02x)\n",
nt->critical? " critical":"",
nt->human_readable? " human":"",
nt->flags);
if (nt->value)
printf (" value ...: '%s'\n", nt->value);
if ((nt->value?strlen (nt->value):0) != nt->value_len)
printf (" warning : value larger (%d)\n", nt->value_len);
}
for (ti = sig->tofu; ti; ti = ti->next)
{
printf (" tofu addr .: %s\n", ti->address);
if (!sig->fpr || strcmp (sig->fpr, ti->fpr))
printf (" WARNING .: fpr mismatch (%s)\n", ti->fpr);
printf (" validity : %u (%s)\n", ti->validity,
ti->validity == 0? "conflict" :
ti->validity == 1? "no history" :
ti->validity == 2? "little history" :
ti->validity == 3? "enough history" :
ti->validity == 4? "lot of history" : "?");
printf (" policy ..: %u (%s)\n", ti->policy,
ti->policy == GPGME_TOFU_POLICY_NONE? "none" :
ti->policy == GPGME_TOFU_POLICY_AUTO? "auto" :
ti->policy == GPGME_TOFU_POLICY_GOOD? "good" :
ti->policy == GPGME_TOFU_POLICY_UNKNOWN? "unknown" :
ti->policy == GPGME_TOFU_POLICY_BAD? "bad" :
ti->policy == GPGME_TOFU_POLICY_ASK? "ask" : "?");
printf (" sigcount : %hu\n", ti->signcount);
printf (" firstseen: %u\n", ti->firstseen);
printf (" lastseen : %u\n", ti->lastseen);
printf (" desc ....: ");
print_description (nonnull (ti->description), 15);
}
}
}
